Google Patches Chrome Zero-Day Used by Commercial Exploit Company


Ten of the issues were reported by external security researchers: one rated critical severity, seven high severity, and two medium severity. All are patched in Chrome 91.0.4472.101 for Windows, Mac and Linux.

The most severe of these is CVE-2021-30544, a critical use-after-free bug that impacts BFCache, a browser optimization meant to enable instant back and forward navigation between cached pages. The feature was introduced in February 2019.

The critical security hole was reported by Rong Jian and Guang Gong of 360 Alpha Lab, who received a $25,000 bug bounty reward for the finding.